We are now midway through the second month of the new year. This should be a good time for web professionals to review and update their individual security practices. Do your daily practices keep you secure? Are you certain? It is easy to become complacent with our practices, credentials and equipment. This might be a good time to review individual security fundamentals.
We have all seen the examples where passwords are taped to a monitor or under a keyboard. We know not to do that. But do we periodically stop to consider our daily practices and how they affect security? This might be a good time to ask ourselves the following questions…
With respect to passwords – are yours long and complex? Do you use passphrases? Are they impossible to guess? Do you use a different password on each site? Do you keep your passwords in a vault? Do you change your passwords from time to time?
Do you use two-factor authentication (because passwords alone are no longer enough)?
When you are traveling – do you use a VPN (if you must connect to a public network – such as a hotel or airport)? Do you keep your phone and tablet backed up? Do you have the ability to track a device (in the event you lose it)? Do you have the ability to remotely wipe said device (again if it is lost or stolen)?
Do you routinely update your applications and operating system? Do you do this on your phone and tablet as well?
Additionally, do you do a factory reset on devices before you dispose of them (or recycle them)? Do you confirm that all data has really been erased from the device?
Hopefully you have been able to answer in the affirmative to all the above questions. If not, this might be a good time to rethink your practices. This also might be a good time to discuss these topics with colleagues and clients.
We have found the following resources helpful (you might want to share some of these with your colleagues and clients as well). All are links to the SANS website. I am a reviewer of their OUCH newsletter. These are provided because they can also be easily shared with colleagues and clients. Hopefully you find them useful.
- Nice overview of two-factor authentication. This article succinctly covers the fundamentals.
- Things to consider to secure your mobile devices. It is often helpful to review the fundamentals (and discuss with clients and colleagues). Often, people may not think of some of these until they realize they left their phone in the back seat of a cab that just pulled away.
- Good overview of password managers (yes, these have become necessary these days).
What other security practices do you employ periodically? Care to share stories of “best practices” and how they helped (either personally or a client)?
As always, we look forward to your comments.
Executive Director and Community Evangelist